The National Infrastructure Advisory Council (NIAC) has once again urged U.S. President Donald Trump to establish a new agency that brings public- and private-sector actors together to identify and take action on cyberthreats affecting critical infrastructure.
The council issued its call on December 10 with the release of a draft report, “Actionable Cyber Intelligence: An Executive-Led Collaborative Model.” In the document, NIAC notes that it has already made similar recommendations – particularly in “Transforming the U.S. Cyber Threat Partnership,” a study released in December 2019 that calls for the establishment of a Critical Infrastructure Command Center (CICC). It states that it still favors this plan and has drawn up a concept of operations that will allow the center to be set up in stages.
“Work together in a new and different way”
The report, which outlines that concept of operations, is based on the premise that “government and industry must work together in a new and different way” in the face of mounting cyberthreats to critical infrastructure systems (CIS).
NIAC explains this call for public/private collaboration by pointing out the fact that hostile actors, including the governments of states such as Russia and Iran, have both the desire and the ability to mount attacks against these key sectors of the U.S. economy from afar. It also argues that existing arrangements for the sharing of classified and unclassified intelligence on emerging and existing risks are inadequate, partly because they allow only limited collaboration between the U.S. government and U.S. businesses and partly because they do not allow for real-time responses to new hazards.
“Existing intelligence sharing between government and industry does not move at the speed required to prevent, mitigate, or respond to the most serious cyber threats to the most critical infrastructure systems,” it asserts. This lack of speed has the potential to harm some of the most crucial components of the U.S. economy, it says.
Establishing a 24/7 watch floor
To address these deficiencies, the council returns to its CICC proposal, making a case for the formation of an operations center capable of “[driving] innovative, tactical, and rapid solutions” to cybersecurity threats.
According to the report, the center would function as a watch floor – a threat monitoring and response planning unit capable of remaining in operation 24 hours a day, seven days a week. The unit would be staffed by representatives of the private and public sectors, including senior managers, intelligence analysts, and cybersecurity experts. All of these staffers would work together in a classified environment to make rapid assessments of real-time intelligence, develop tactical measures to defend CIS, and then make information about those measures available to the parties that might be affected.
Initially, NIAC says, the watch floor would concentrate on cyberthreats targeting the communications, energy, and financial services sectors. All three sectors are “highly targeted,” as well as critical to the continued functioning of the U.S. economy, it notes.
It also states that the CICC must be able to serve in the following capacities from the outset:
- as a setting for real-time and direct collaboration between private-sector experts and government intelligence analysts
- as a forum for development of innovative measures to mitigate cyberthreats
- as an arena for discussion and assessment of how specific cyberthreats might affect critical infrastructure
- as a system capable of monitoring activity that may pose threats to information technology (IT) and operational technology (OT) systems in critical infrastructure sectors
- as a medium that allows the intelligence community to share information and intelligence on cyberthreats with private-sector companies
The report notes that CICC would complement existing avenues for identifying and responding to risks and hazards, such as Information Sharing and Analysis Centers (ISACs). But it also points out that the proposed agency would be able to do more, as it would provide more opportunities for cooperation between the public and private sector, widen the scope of discussions on risks to CIS, and facilitate the coordination of responses to cyberthreats.
U.S. political transition may affect the pace of the response
In the last section of the report, NIAC urges fast action on its proposal to establish a new agency to share information on cyberthreats affecting critical infrastructure. Specifically, it says it would like to see the first steps taken towards the establishment of CICC within the next four months.
This pace seems unrealistic. Trump is due to leave office in January to make way for President-Elect Joe Biden, and the transition has the potential to be hectic enough to draw U.S. government agencies’ attention elsewhere.
Nevertheless, there have been some indications that Biden’s team is taking an active approach to cyberthreats and will not neglect the matter. For example, four of its first six cabinet picks contributed to the roll-out of new cybersecurity approaches during the administration of President Barack Obama.